2. Data Protection Policy (DPP)
This document is at the heart of every organisation that wants to comply with GDPR. It pulls together all the various compliance issues, policies and procedures and sets them out in a coherent fashion, helping companies to clearly demonstrate privacy by design, transparency and accountability for all personal data in their possession, all of which are now required under the GDPR. Unlike under previous Data Protection laws, a DPP that will pass inspection needs to be bespoke to the organisation and should be the culmination of the organisation carrying out a GDPR Compliance Action Plan. This plan should include a full data audit trail, whether a DPO needs to be appointed, data retention, legal basis for processing, privacy policies, PIAs, IT risk assessments, data breach management, privacy by design and default, data subject requests, data processor guidelines, dealing with the Data Protection Commissioner’s office, policy on social media, and staff training.
We can carry out a full GDPR Compliance Action Plan on your behalf or assist you in carrying one out, leading to a GDPR-compliant Data Protection Policy and all the necessary ancillary policies.